Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sensiolabs vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-11406
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled ...
Sensiolabs Symfony
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2018-11408
The security handlers in the Security component in Symfony in 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this i...
Sensiolabs Symfony
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2017-16652
An issue exists in Symfony 2.7.x prior to 2.7.38, 2.8.x prior to 2.8.31, 3.2.x prior to 3.2.14, and 3.3.x prior to 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response,...
Sensiolabs Symfony
Debian Debian Linux 8.0
4
CVSSv2
CVE-2017-16790
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are the...
Sensiolabs Symfony
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-16653
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can...
Sensiolabs Symfony
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2018-11386
An issue exists in the HttpFoundation component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and...
Sensiolabs Symfony
Debian Debian Linux 9.0
5
CVSSv2
CVE-2018-19789
An issue exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9, and 4.2.x prior to 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's t...
Sensiolabs Symfony
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2013-4752
Symfony 2.0.X prior to 2.0.24, 2.1.X prior to 2.1.12, 2.2.X prior to 2.2.5, and 2.3.X prior to 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit ...
Sensiolabs Symfony
Fedoraproject Fedora 18
Fedoraproject Fedora 19
5
CVSSv2
CVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch user...
Sensiolabs Symfony
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.8
CVSSv2
CVE-2019-18887
An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
Sensiolabs Symfony
Fedoraproject Fedora 30
Fedoraproject Fedora 31
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »